GNUGP new key with old data under an old gnu version - how to fix it?

Andrew Gallagher andrewg at andrewg.com
Thu Feb 27 11:31:35 CET 2020


On 26/02/2020 20:09, ADNPLANET via Gnupg-users wrote:
> 
> The new gnugp key was generated under version 2.0.22 and the data stored
> in database is under gnugp 1.45
> Then.. ALL new record is encrypted perfectly and appears in the
> database, but the archive of a LOT records are missing, because the
> system is not displaying the data encrypted with the old version.

Firstly, are you sure you have both the old and new keys in your private
keyring? If an encryption key expires, it just means that nothing should
be encrypted *to* it any more, but unless you believe that it has been
compromised it is still safe to use to process existing data. So don't
delete it. :-)

If you do have the old key but it isn't decrypting the old data, then it
may be because the old data is using an outdated format. Try passing the
option --ignore-mdc-error and see what happens. Are there any error
messages emitted? Can you export one of the encrypted blobs to local
disk and decrypt it on the command line?

> My questions :
> 
> 1 - is possible to dwongrade the GNUGP version to 1.45 in the server
> using cpanel + cloudlinux and then, re-generate the key using the old
> 1.45 version?

Yes, but I would only recommend this as a last resort. Also note that if
you do this you will lose access to all your *new* data, which may be a
worse outcome for you, depending on your use case.

> 2 - or is possible to update the entire database to read the encrypted
> data wit the new key generated under the new version?

Yes, but it will depend on you being able to decrypt the old data so we
should fix that problem first...

> 3 - or i´m doing something wrong ???

Maybe, what *exactly* are you doing? Without divulging any secrets. :-)

-- 
Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200227/717e497c/attachment-0001.sig>


More information about the Gnupg-users mailing list